package com.microsoft.ngc.provider.cryptography;

import android.content.Context;
import com.microsoft.authenticator.core.common.Strings;
import com.microsoft.authenticator.core.logging.BaseLogger;
import com.microsoft.ngc.provider.exceptions.NgcCredentialException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceLockScreenRequiredException;
import com.microsoft.ngc.provider.exceptions.NgcDeviceNotSupportedException;
import com.microsoft.ngc.provider.exceptions.UnrecoverableNgcCredentialException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.util.Locale;

/* loaded from: classes2.dex */
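/**
 * Manages the RSA key pairs ("NGC credentials") that this app keeps in its {@link NgcKeyStore}:
 * generation, lookup, deletion, signing, and export of the public key as a
 * {@code BCRYPT_RSAKEY_BLOB}.
 *
 * <p>Every per-credential operation derives the key store alias from a caller-supplied
 * identifier using {@code "MicrosoftAuthenticatorNgc-%s"}.
 *
 * <p>Thread-safety: {@link #sign(byte[], String)} temporarily edits the process-wide JCA provider
 * list. Calls made through this class are serialized on an internal lock; code elsewhere in the
 * process that uses or edits the provider list is not covered by that lock.
 */
public class NgcCredentialManager {
    private static final String BCRYPT_RSAPUBLIC_MAGIC = "RSA1";
    private static final String KEY_DUMMY_NGC_ALIAS = "MicrosoftAuthenticatorDummyNgc";
    private static final String KEY_PAIR_ALIAS_FORMAT = "MicrosoftAuthenticatorNgc-%s";
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String SPONGY_CASTLE_CRYPTO_PROVIDER = "SC";

    // Guards the remove/restore of the "SC" provider in sign(). Without it, one caller can
    // re-insert the provider while another caller is still between its own removeProvider()
    // and Signature.getInstance(), which defeats the removal for that second caller.
    private static final Object PROVIDER_SWAP_LOCK = new Object();

    private final Context _applicationContext;
    private final NgcKeyStore _keyStorage;

    /**
     * Creates a manager backed by a new {@link NgcKeyStore}.
     *
     * @param context stored as-is and later handed to the key pair generator
     *     (NOTE(review): the field is named "application context" but nothing here calls
     *     {@code getApplicationContext()} - confirm callers pass one)
     * @throws RuntimeException if the key store cannot be created or its certificates cannot be
     *     read; the original exception is kept as the cause
     */
    public NgcCredentialManager(Context context) {
        this._applicationContext = context;
        try {
            this._keyStorage = new NgcKeyStore();
        } catch (KeyStoreException e) {
            throw new RuntimeException("Creation of keystore failed.", e);
        } catch (CertificateException e) {
            throw new RuntimeException("Reading certificates from keystore failed.", e);
        }
    }

    /** Builds the key store alias for a credential identifier. */
    private static String aliasFor(String identifier) {
        return String.format(Locale.US, KEY_PAIR_ALIAS_FORMAT, identifier);
    }

    /** Encodes {@code value} as four bytes, least-significant byte first. */
    private static byte[] convertToLittleEndianByteArray(int value) {
        return ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN).putInt(value).array();
    }

    /**
     * Returns {@code value} unchanged.
     *
     * <p>The original expression masked with {@code -1} (all bits set) and cast back to
     * {@code int}, which is the identity; the helper is kept so the blob-building code reads the
     * same as before.
     */
    private static int convertToUnsignedInteger(int value) {
        return value;
    }

    /**
     * Deletes the entry stored under {@code alias}.
     *
     * <p>Best effort: a {@link KeyStoreException} is logged and not propagated, so a normal
     * return does not prove the key is gone. Callers that need that guarantee should follow up
     * with {@link #containsKey(String)}.
     */
    private void deleteKeyPairInternal(String alias) {
        try {
            this._keyStorage.deleteKey(alias);
        } catch (KeyStoreException e) {
            BaseLogger.e("Could not access keystore for deletion of ngc credentials", e);
        }
    }

    /**
     * Serializes an RSA public key in the {@code BCRYPT_RSAKEY_BLOB} layout: the magic
     * {@code "RSA1"}, then five little-endian 32-bit fields (bit length, exponent byte count,
     * modulus byte count, and two prime byte counts that are always zero for a public key),
     * followed by the exponent bytes and the modulus bytes.
     *
     * <p>NOTE(review): the bit-length field is always written as 2048, whatever key is passed in.
     * NOTE(review): {@code BigInteger.toByteArray()} is a two's-complement encoding, so a modulus
     * whose top bit is set is emitted with a leading {@code 0x00} and its length field counts that
     * byte. The consumer of this blob has to accept that; confirm before changing either point,
     * because both affect the bytes sent to the verifier.
     *
     * @param rSAPublicKey key to export
     * @return the encoded blob, or {@code null} if writing to the in-memory stream fails (not
     *     expected in practice, but callers must handle it)
     */
    public static byte[] exportPublicKeyAsRsaBCryptBlob(RSAPublicKey rSAPublicKey) {
        try {
            ByteArrayOutputStream blob = new ByteArrayOutputStream();
            byte[] exponentBytes = rSAPublicKey.getPublicExponent().toByteArray();
            byte[] modulusBytes = rSAPublicKey.getModulus().toByteArray();
            byte[] zeroLength = convertToLittleEndianByteArray(0);

            // Header.
            blob.write(BCRYPT_RSAPUBLIC_MAGIC.getBytes(Strings.Utf8Charset));
            blob.write(convertToLittleEndianByteArray(convertToUnsignedInteger(2048)));
            blob.write(convertToLittleEndianByteArray(convertToUnsignedInteger(exponentBytes.length)));
            blob.write(convertToLittleEndianByteArray(convertToUnsignedInteger(modulusBytes.length)));
            // A public-key blob carries no primes, so both prime lengths are zero.
            blob.write(zeroLength);
            blob.write(zeroLength);

            // Payload.
            blob.write(exponentBytes);
            blob.write(modulusBytes);
            blob.flush();
            return blob.toByteArray();
        } catch (IOException e) {
            BaseLogger.e("Unable to construct a BCRYPT_RSAKEY_BLOB", e);
            return null;
        }
    }

    /**
     * Probes whether a hardware-backed key pair can be created without user interaction by
     * generating one under a fixed dummy alias and deleting it again.
     *
     * <p>The dummy key is removed through the best-effort delete, so it can be left behind if the
     * key store is unavailable at that moment.
     *
     * @return {@code false} if the generator returns no key info; otherwise whether the generated
     *     key reports itself as hardware-backed
     */
    public boolean canGenerateHardwareBackedKeyPairSilently() {
        BaseLogger.i("Checking if hardware-backed NGC can be generated silently.");
        NgcKeyInfo probeKey = NgcKeyPairGenerator.generateHardwareBackedKeyPairSilently(KEY_DUMMY_NGC_ALIAS);
        if (probeKey != null) {
            deleteKeyPairInternal(KEY_DUMMY_NGC_ALIAS);
            return probeKey.isHardwareBacked();
        }
        return false;
    }

    /**
     * Reports whether a key exists for the given identifier.
     *
     * @param str identifier substituted into the key alias
     * @return {@code true} if the key store holds the alias; {@code false} if it does not or if
     *     the key store cannot be queried (the failure is logged), so {@code false} alone does not
     *     distinguish "absent" from "unknown"
     */
    public boolean containsKey(String str) {
        try {
            return this._keyStorage.containsKey(aliasFor(str));
        } catch (KeyStoreException e) {
            BaseLogger.e("Keystore in invalid state", e);
            return false;
        }
    }

    /**
     * Deletes the key pair for the given identifier. Failures are logged, not thrown.
     *
     * @param str identifier substituted into the key alias
     */
    public void deleteKeyPair(String str) {
        deleteKeyPairInternal(aliasFor(str));
    }

    /**
     * Generates an RSA key pair for the given identifier.
     *
     * @param str identifier substituted into the key alias
     * @param z whether the key must be hardware-backed (logged as {@code requireHardwareBacked})
     * @return information about the generated key, as returned by the generator
     * @throws NgcDeviceNotSupportedException propagated from the generator
     * @throws NgcDeviceLockScreenRequiredException propagated from the generator
     */
    public NgcKeyInfo generateKeyPair(String str, boolean z) throws NgcDeviceNotSupportedException, NgcDeviceLockScreenRequiredException {
        BaseLogger.i("Attempting to generate RSA keypair. requireHardwareBacked = " + z);
        String alias = aliasFor(str);
        return NgcKeyPairGenerator.generateKeyPair(this._applicationContext, alias, z);
    }

    /**
     * Loads the public key for the given identifier.
     *
     * @param str identifier substituted into the key alias
     * @return the public key as returned by the key store
     * @throws NgcCredentialException if the key store cannot be accessed or its certificates
     *     cannot be loaded
     * @throws UnrecoverableNgcCredentialException if the entry cannot be recovered
     * @throws RuntimeException if the key store reports an unknown algorithm
     */
    public PublicKey getPublicKey(String str) throws NgcCredentialException {
        try {
            return this._keyStorage.getPublicKey(aliasFor(str));
        } catch (KeyStoreException e) {
            throw new NgcCredentialException("Access of keystore failed.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Nonexistent algorithm specified.", e);
        } catch (UnrecoverableEntryException e) {
            throw new UnrecoverableNgcCredentialException("Could not retrieve key from keystore.", e);
        } catch (CertificateException e) {
            throw new NgcCredentialException("There was a problem loading certificates from the keystore.", e);
        }
    }

    /**
     * Signs {@code bArr} with the private key stored for the given identifier, using
     * {@code SHA256withRSA}.
     *
     * <p>The "SC" provider is removed from the JCA provider list for the duration of the call so
     * that {@code Signature.getInstance} without an explicit provider cannot resolve to it, and is
     * put back afterwards if it was registered. The whole remove/sign/restore sequence runs under
     * a class-wide lock so that concurrent calls cannot undo each other's removal.
     *
     * <p>NOTE(review): the provider is restored at position 1 regardless of where it was
     * registered before, and while it is removed any other thread asking for "SC" will not find
     * it. Requesting the intended provider explicitly in {@code Signature.getInstance} would avoid
     * touching global state; that needs the key store's provider name, which is not visible here.
     *
     * @param bArr data to sign
     * @param str identifier substituted into the key alias
     * @return the signature bytes
     * @throws NgcCredentialException if the key store cannot be accessed, its certificates cannot
     *     be loaded, or the signature object is in the wrong state
     * @throws UnrecoverableNgcCredentialException if the private key entry cannot be recovered
     * @throws InvalidKeyException if the stored key is rejected by the signature implementation
     * @throws RuntimeException if {@code SHA256withRSA} is not available
     */
    public byte[] sign(byte[] bArr, String str) throws NgcCredentialException, InvalidKeyException {
        BaseLogger.i("Using NGC to sign challenge.");
        synchronized (PROVIDER_SWAP_LOCK) {
            Provider spongyCastle = Security.getProvider(SPONGY_CASTLE_CRYPTO_PROVIDER);
            Security.removeProvider(SPONGY_CASTLE_CRYPTO_PROVIDER);
            try {
                PrivateKey signingKey = this._keyStorage.getSigningKey(aliasFor(str));
                Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
                signer.initSign(signingKey);
                signer.update(bArr);
                return signer.sign();
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            } catch (KeyStoreException e) {
                throw new NgcCredentialException("Access of keystore failed.", e);
            } catch (SignatureException e) {
                throw new NgcCredentialException("Signature instance was improperly initialized.", e);
            } catch (UnrecoverableEntryException e) {
                throw new UnrecoverableNgcCredentialException("Could not retrieve key from keystore.", e);
            } catch (CertificateException e) {
                throw new NgcCredentialException("There was a problem loading certificates from the keystore.", e);
            } finally {
                // Restore on every exit path, including the exceptions rethrown above.
                if (spongyCastle != null) {
                    Security.insertProviderAt(spongyCastle, 1);
                }
            }
        }
    }
}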
